Some interesting stuff (blogs/articles/papers and useful resources) that I’ve read in Q4 2017.


KRACK – Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

ROCA – Vulnerable RSA generation

Exploiting DDE in Microsoft Office

BadRabbit Technical Analysis

SSL/TLS and PKI History

Deep Insights into the CCleaner Backdoor

E-mail spoofing by breaking DKIM

Sed and Awk for pentester

Strategies for offline PGP key storage

Wi-Fi packet sniffing / monitoring on Windows using Raspberry Pi

Disqus Demonstrates How to Do Breach Disclosure Right

MetaTwin – Borrowing Microsoft Metadata and Digital Signatures to “Hide” Binaries

Reverse engineering a Gameboy ROM with radare2

Inside the macOS log: logd and the files that it manages

What’s your Mac been up to for the last 3 months? Inside macOS’s hidden activity records

The Absurdly Underestimated Dangers of CSV Injection

My First CloudFront Domain Takeover/Hijack

Hack ATM with an anti-hacking feature and walk away with $1M in 2 minutes

Apple HEIF and HEVC file format analysis

Inside Two-Factor Authentication Apps

A Closer Look at North Korea’s Internet

Everything You Wanted To Know About Blockchains

Build Your Own Blockchain

The 6-Step “Happy Path” to HTTPS

IoT_reaper: A Rappid Spreading New IoT Botnet

A brief introduction to the Windows Registry with RegRipper & Registry Explorer

Spoofing GPS signals to crash stock exchanges

Recovering a blurred QR Code to access a bitcoin wallet private key

Securing a Web Hidden Service – Quick guide on how to preserve a .onion anonymity

Hacking Cryptocurrency Miners with OSINT Techniques

Some links to cool CIA articles

Bug Bounty Toolkit

10 Methods to Bypass Cross Site Request Forgery (CSRF)

The iPad Pro as main computer for programming

Vim after 15 Years

Learn to use GNU awk with hundreds of examples

Building Better Security Presentations

Modern Love: Are We Ready for Intimacy With Robots?


Creating a Simple Free Malware Analysis Environment

Microsoft Security Advisory – Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields

New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company

OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society

The $280M Ethereum’s Parity bug

Getting Local Admin by Abusing the Anti-Virus Quarantine

Analysis of the ShadowBrokers “envisoncollision” Exploit

Results of a Password Cracking Contest for My Security Class (Fall 2017)

How I Reverse Engineered and Exploited a Smart Massager

Inside a low budget consumer hardware espionage implant

PureVPN: A bundle of WTF

Places of Interest in Stealing NetNTLM Hashes

Investigation Report for the September 2014 Equation malware detection incident in the US

250+ tools for managing Apple devices

Reverse engineering the Intel FSP… a primer guide!

The Motherboard Guide to Not Getting Hacked

Fully undetectable backdooring PE file

Exfiltration of personal data by session-replay scripts

x64 Egg hunting in Linux systems

Using Burp Suite’s Collaborator to Find the True IP Address for a .Onion Hidden Service

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

Segwit2x Bugs Explained

Unofficial Guide to Mimikatz & Command Reference

Why Gets You Root – tracking down the cause of a macOS serious authentication flaw

iOS 11 Horror Story: the Rise and Fall of iOS Security

Understanding and Exploiting Web-based LDAP

Huge Dirty COW vulnerability (CVE-2017–1000405) writeup and PoC

Apple is sharing your face with apps. That’s a new privacy worry.

A beginner’s guide to getting started in the cryptocurrency world

An Intro to x86_64 Reverse Engineering


Reverse Engineering Using Radare2

Analysis malicious document files (PDF, Office, RTF)

Spreading techniques using deception based architecture.

MailSploit – a collection of bugs in email clients that allow effective sender spoofing and code injection attacks

Review & Teardown of a cheap GPS Jammer

Process Doppelgänging

Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks

EUD Security Guidance: macOS 10.13 High Sierra

The Mathematics of 2048: Counting States by Exhaustive Enumeration

How to write an Application Security Resume

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

DNS Performance Comparison: Google, Quad9, OpenDNS, Norton, CleanBrowsing, and Yandex

Fox-IT hit by cyber attack: Lessons learned from a Man-in-the-Middle attack

Metasploitable 3 – A Walk-through: Linux Edition

My Grand Tour of Pentest Interviews

Great iOS Jailbreak Material

AppLocker – Case study – How insecure is it really?

Harden Windows with AppLocker – based on Case study

North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group

Learn all you need to know to start doing web penetration testing

Learn Android Security

Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Why TLS 1.3 isn’t in browsers yet

Analyzing an Apple Pay Transaction with Proxmark3

No boundaries for user identities: Web trackers exploit browser login managers

Data analysis of Game of Thrones determines who really is the main character

Cracking Encrypted PDFs

Invoke-Obfuscation – a PowerShell v2.0+ compatible PowerShell command and script obfuscator

The Ghost in the MP3

DOS Attack Penetration Testing (Part 1)

My Favorite Deep Learning Papers of 2017

Best crypto blog posts of 2017

Mac Malware of 2017
